User Profile
Nivedipa-MSFT
MicrosoftJoined Oct 12, 2021
User Widgets
Recent Discussions
Re: SSO for a Python Teams Bot (M365 Agents SDK + FastAPI) — Single-Tenant, Multi-Tenant, and UAMI
Hello seydou - Most likely cause: Your Azure AD app or Bot OAuth connection is set up for a single tenant instead of multi-tenant. Key fixes: App registration: Change supported account types to Multitenant Bot OAuth connection: Set Tenant ID to common rather than a specific tenant ID Token Exchange URL: Use api://botid-{your-bot-id} MSAL authority in Python: https://login.microsoftonline.com/common Authorized client apps under "Expose an API": Include Teams client IDs (1fec8e78-bce4-4aaf-ab1b-5451cc387264 and 5e3ce6c0-2b1f-4285-8d4b-75ee78787346) External tenant admins may need to give consent using the admin consent URL Quick test: If SSO works for users in the same tenant but not for external users, it's likely that the tenant ID is hardcoded instead of set to common.Re: Bot not receiving message events in shared channels (RSC)
Hello Yash-ClearFeed, Teams message APIs (/messages/delta, /replies) share a limit of 60 requests/min per app per tenant. Under 60 channels: Polling every 60s is feasible 60+ channels: Use Graph change notifications (webhooks) as the primary method, with delta queries as periodic catch-up Always handle HTTP 429 with Retry-After and exponential backoffRe: Error ColdStoreNotSupportedForMessageException when sending message MS Teams via Graph API.
Hello Kimchhun - Apologies for the delay response. A ColdStoreNotSupportedForMessageException occurs when an API call tries to access or modify messages that have been moved to cold (archived) storage, typically because they are older than the active retention period. The cutOffColdStoreEpoch is an internal Teams setting that determines the boundary between hot and cold storage. It is not publicly documented and cannot be changed by developers or tenants. This exception often arises when using the Graph API to work with older messages, when bots reference past conversation activities, or during compliance exports involving tiered storage. Recommendation: To address this, handle the exception gracefully and avoid attempting to update or delete messages outside the retention window. If possible, provide details about the specific API call and the age of the affected messages.Re: Bot not receiving message events in shared channels (RSC)
Hello deepak_nayak, Currently, there are no real-time change notifications available for shared channel messages, as neither RSC nor Graph subscriptions provide this functionality. Recommended approach: Poll for updates using Graph delta queries every 60 seconds: GET /teams/{id}/channels/{id}/messages/delta You can combine this with InvalidUsername processing to support real-time interactions. At this time, no event-based solution is available.Re: Error ColdStoreNotSupportedForMessageException when sending message MS Teams via Graph API.
Hello Kimchhun - Thanks for bringing this issue to our attention. The “cold store” error typically occurs when your request is handled as if it should operate on an existing thread or message—such as in a reply or parent-message scenario—but the required internal parameter (cutOffColdStoreEpoch) is missing and cannot be set via Graph. Here’s how to address it quickly: To post a new top-level message, ensure you’re using the correct endpoint (without {message-id}): POST /teams/{team-id}/channels/{channel-id}/messages and include at least body.content. If replying to a message, use: POST /teams/{team-id}/channels/{channel-id}/messages/{message-id}/replies and verify that {message-id} is valid. If the error persists even with a minimal payload (just body.content) and correct IDs, it may be a backend issue or an edge case. Please provide the request ID, timestamp, and tenant ID for further investigation.Re: Status during a Teams call : "in a call" only once others have joined!
Hello @HBod, Unfortunately, this is by design and there's currently no built-in setting to keep your status as "Available" when you're alone in a meeting. Microsoft treats joining a meeting as an intentional "busy" signal regardless of participant count. To ensure your idea is considered for future updates, we recommend submitting it through the Teams Feedback Portal. Feature requests are reviewed by the engineering team and may be prioritized based on various factors, including the number of requests received. If you have any additional thoughts or feedback, please feel free to share them with us. Your contributions are valuable and help improve the product! Thank you again for your valuable suggestion!Re: How to add a Teams Media Bot in an online meeting.
@NasarKhan - Thanks for bringing this issue to our attention. Root Causes of the issues Issue #1 (Bot Not Visible When Joining Active Meeting): The bot does not properly negotiate media with current participants. The call establishment handshake is incomplete before the bot tries to record. Firewall or port restrictions on the Azure VM may be blocking media streams. Issue #2 (External Users Redirected to New Meeting): The bot joins using an application identity without the necessary tenant context. Without a resource account, the bot cannot interact with lobby or admission policies. External users cannot be admitted because the bot lacks the required identity and permissions. Solutions 1: Delayed Join Separate the calling webhook from the messaging endpoint in Azure Bot Service. Configure the media platform with the correct VM public IP and FQDN. Ensure required ports are open on the Azure VM: TCP 443, 8445 UDP 12332-12432 for media streams Wait for the "call established" state before starting the recording process. Verify the SSL certificate on the VM FQDN for secure signaling . 2: External User Access Create a resource account using PowerShell: Run New-CsOnlineApplicationInstance Link it to your bot’s App ID Assign an application access policy globally or to specific users. Update the bot to join meetings with the resource account identity instead of app-only authentication. Assign appropriate Teams meeting policies to the resource account for recording and lobby permissions. Please let us know if you have any other query here.Re: App Validation Issue - Bot must send a proactive welcome message in personal scope
Hello @ParamZ - Thanks for bringing this issue to our attention. 1.Graph API queries may generate unexpected conversationUpdate events. Recommended Solution: Use event deduplication based on activity ID and conversation ID to avoid sending duplicate welcome messages. 2.Reading Chat History – Suggested Method: Best Practice: Save conversation references when the bot is installed, rather than polling the Graph API. Alternative: Opt for webhooks or change notifications instead of using /me/chats queries. 3.App Validation – Proper Procedure: Primary Method: Utilize on_installation_update for sending welcome messages to meet validation requirements. Fallback: Apply on_members_added_activity with deduplication as needed for special cases. References: Design and control conversation flow - Bot Service | Microsoft Learn Teams Store Validation Guidelines - Teams | Microsoft Learn Please let us know if you have any further query here.Re: ❓ Can't remove member from Microsoft Teams Group Chat using Graph API with Application Permission
Hello Haekal_Arif_Rozikin, The error in your screenshot—"403 Forbidden" with "InsufficientPrivileges" and "AclCheckFailed-The initiator 28:app ... is not a member of the roster in the generic thread"—means the app (28:app...) isn’t recognized as a chat member and lacks permission to remove members, even with ChatMember.ReadWrite.All application permissions. Root cause: The app isn’t listed as a participant in the chat roster, so it doesn’t have the necessary rights to manage members. Why this happens: App installation is required: For ChatMember.ReadWrite.WhereInstalled to work, the app must be added to the chat as a participant. Application permissions alone aren’t enough; roster membership is also needed. Application permissions might be limited: ChatMember.ReadWrite.All might not support removing members in every chat scenario. The Graph API may require the app to be installed or restrict member removal actions without user context. RSC (Resource-Specific Consent) permissions: RSC permissions only apply if the app is installed in the chat. If the app isn’t in the roster, RSC permissions won’t grant access. How to resolve: Install the app in the chat (recommended) When creating a chat, add the app in the installedApps section so it becomes a roster member: POST https://graph.microsoft.com/v1.0/chats Content-Type: application/json { "chatType": "group", "members": [ { "@odata.type": "#microsoft.graph.aadUserConversationMember", "roles": ["owner"], "user@odata.bind": "https://graph.microsoft.com/v1.0/users('user-id-1')" }, { "@odata.type": "#microsoft.graph.aadUserConversationMember", "roles": ["owner"], "user@odata.bind": "https://graph.microsoft.com/v1.0/users('user-id-2')" } ], "installedApps": [ { "teamsApp@odata.bind": "https://graph.microsoft.com/v1.0/appCatalogs/teamsApps/YOUR-APP-ID" } ] } Try delegated permissions If application permissions don’t work, use delegated permissions with a service account that’s a chat member. Check app permissions in the manifest Verify your Teams app manifest includes the necessary RSC permissions for chat member management: "authorization": { "permissions": { "resourceSpecific": [ { "name": "ChatMember.ReadWrite.Chat", "type": "Application" } ] } } References: Create chat - Microsoft Graph v1.0 | Microsoft Learn Remove member from chat - Microsoft Graph v1.0 | Microsoft Learn Resource-specific Consent for Apps - Teams | Microsoft Learn Please let us know if you face any further issue here.Re: Issue with Teams Notification Only Chatbot(Android)
@achebrol - Thanks for bringing this issue to our attention. We’ve tested this on Android version 15 with Microsoft Teams version 2025.34.01.9, and it’s working as expected on our side. However, we are seeing a message that says, “Conversation with this bot is not supported.” Could you please share your deployed app manifest so we can test it on our end?
